The case concerning the security breach of the Exchange services of the American giant Microsoft continues.
Recently, it was discovered in Belgium that nearly 400 computer systems were able to be infiltrated thanks to the exploitation of the vulnerability of Exchange's servers. The information was brought to the attention of the general public during a statement from the Centre for Cybersecurity Belgium. The institution warns of a possible "tsunami of cyberattacks" that could occur in the coming weeks.
This article will also interest you: Exchange piracy: security experts worried about the presence of a ransomware
"From vulnerable server lists, we were able to detect more than 400 systems where some form of intrusion occurred. This means that malicious parties have entered these systems and are now waiting to take action," stresses the Centre for Cybersecurity Belgium. The institution's fear over a proliferation of ransomware-based attacks. He warns that the coming week is likely to be quite hectic in this regard.
The Centre for Cybersecurity Belgium explains that a large part of the servers that were Vulnerable have been updated. However, there are still a thousand computer systems still vulnerable to computer attacks. This makes an impressive figure while showing the impending danger.
Hackers would install web shells to make it easier to operate web shells, in order to gain access to the computer systems they target. This helps them to operate without attracting too much attention without raising suspicions.
"This allows them to keep a line of communication open, so to speak, in order to launch an attack later. In the lists we reviewed, we found at least 400 servers with a Shell web installed. In other cases, hackers may have installed other malware, in addition to the web shells in question, in order to mount an attack at a later date, such as a ransomware," the CyberSecurity Center noted in its statement.
For companies that have already carried out the security updates, the instruction is to remain vigilant. They are expected to continue to monitor their computer systems in order to look for potential traces that cyber criminals could have left behind during intrusions or updates. Just to be able to avoid a recurrence. In addition, "Companies and organizations that use Exchange Online with a hybrid configuration or an exchange server on site for administrative applications must immediately update systems, remove web shells, verify what happened and detect any suspicious activity," the Belgium CyberSecurity Center recommended in its statement.
In addition, it should be noted that the computer attack that took advantage of Microsoft Exchange's security vulnerabilities would have affected nearly 1,000 computer systems worldwide. For now, China has been singled out by U.S. authorities for sponsoring this wave of cyberattacks. They promised a response.
Now access an unlimited number of passwords: